HPE Community
Operating System - HP-UX
1846966 Members
4048 Online
110257 Solutions
New Discussion

Re: Create user

 
O'lnes
Regular Advisor

‎10-24-2002 03:37 AM

‎10-24-2002 03:37 AM

Create user

I use HP 10.20 system( not trusted ) , can I create a userid that over 8 characters? Thx.
Andy
0 Kudos
Reply
9 REPLIES 9
Pete Randall
Outstanding Contributor

‎10-24-2002 03:40 AM

‎10-24-2002 03:40 AM

Re: Create user

You're better off not to.

Pete

Pete
0 Kudos
Reply
Clemens van Everdingen
Honored Contributor

‎10-24-2002 03:44 AM

‎10-24-2002 03:44 AM

Re: Create user

Hi,

Absolute limit is 63 chars, BUT a lot of headaches can be avoided if usernames are kept <= 8 chars

C.
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
0 Kudos
Reply
Jean-Louis Phelix
Honored Contributor

‎10-24-2002 03:49 AM

‎10-24-2002 03:49 AM

Re: Create user

Hi,

for user's names (logins), yes you can but only 8 first chars are significant, so as Pete and Clemens said, avoid it if you can (in fact it's supposed to be forbidden in man 4 passwd). But I read 'userid' in your question. If you really mean UID, then limit is MAXUID or UID_MAX which seem to be derived from MAXINT. See man 4 passwd for details.

Regards,

Jean-Louis.

The following fields have size limitations as noted:

+ Login name field can be no longer than 8 characters;

+ Initial working directory field can be no longer than 63
characters;

+ Program field can be no longer than 44 characters.

+ Results are unpredictable if these fields are longer than the
limits specified above.

The following fields have numerical limitations as noted:

+ The user ID is an integer value between 0 and UID_MAX-1
inclusive. As a special case -2 maybe present.

+ The group ID is an integer value between 0 and UID_MAX-1
inclusive. As a special case -2 maybe present.
It works for me (© Bill McNAMARA ...)
0 Kudos
Reply
O'lnes
Regular Advisor

‎10-24-2002 03:49 AM

‎10-24-2002 03:49 AM

Re: Create user

What is the pitfall if the userid over 8 characters? Thx.
Andy
0 Kudos
Reply
Clemens van Everdingen
Honored Contributor

‎10-24-2002 03:55 AM

‎10-24-2002 03:55 AM

Re: Create user

Hi,

See this thread !

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x49b814a24fd1d4118fef0090279cd0f9,00.html

and lots of others to search for

C.
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎10-24-2002 03:55 AM

‎10-24-2002 03:55 AM

Re: Create user

//
There is an eight character limit on user logins

There is a patch for hpux11.0
PHCO_21833.

not sure for 10.20


The PAM libraries intentionally reject login names which
are longer than 8 characters. This behavior is changed from
10.20. Some customers want a way to bypass this restriction.
//
0 Kudos
Reply
Darren Prior
Honored Contributor

‎10-24-2002 04:34 AM

‎10-24-2002 04:34 AM

Re: Create user

pitfalls? Have a look at the output of ll, if the username is more than about 12 chars it would get truncated by the group name. This is just one of many commands that could be affected.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-24-2002 07:13 AM

‎10-24-2002 07:13 AM

Re: Create user

Usually these requests are caused by trying to force-fit one operating system into another. The 8 character limit is a classic UNIX limitation and some vendors have created variations with very labor-intensive consequences. By the way, that labor (and also the blame) is usually for the sysadmin, not the decision makers.

You could spend the next 6 months trying to work around a non-standard Unix login. Scripts would have to be rewritten and tested, programs would have to be rewritten, any code that depended on a user name could potentially fail or provide the wrong results to other programs or scripts, etc.

The 11.0 patch requires that you create the following directory in /etc/default:

"I_ACCEPT_RESPONSIBILITY_FOR_BYPASSING_SECURITY_CHECKS".

Notice the CAPITAL LETTERS? The patch goes on to state that there a number of incompatibilities with grpck, pwck, sam, useradd, etc, and the real kicker: DO NOT USE ON A TRUSTED SYSTEM.

Unless you like making an enormous amount of extra work for yourself (and downtime for applications and users), state that HP-UX has a maximum 8 character limit which can never be changed.


Bill Hassell, sysadmin
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎10-24-2002 12:10 PM

‎10-24-2002 12:10 PM

Re: Create user

I strongly echo the last paragraph of Bill's reply. As the original author of the patch he references, I know all too well how many places in the code APPEAR to work when you do
this, but leave you open to functional and/or
security problems. This is why there are special install instructions for the patch.
If you really want to shoot your own foot off,
that patch will let you.

HP-UX is not alone in that limit. I know of other major UNIX variants that are widely believed to permit longer user names, but whose published include files clearly show that they can't actually do what people believe they do. There simply isn't enough space in some of the key data structures.
Some simple tests confirm that independently.
Things like accounting records get truncated.
If you get lucky, you might not notice the memory corruption due to buffer overflows, etc. when you bypass this check. If you get unlucky, someone will exploit the buffer overflows to break into your system, commands will fail in mysterious ways, or worse.

Unfortunately, way too much UNIX code (not just HP-UX) has hard-coded knowledge of 8 characters in a user name. The only way to fix this would be to break compatibility in a significant way.

The HP-UX team is painfully aware of the desire to relax this limit, and hopes to do so in a future major release of HP-UX, but doing so would require major changes throughout the system. Unfortunately, this is not something that is at all practical to patch due to the many affected pieces of code.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.